Apache HTTP Server allows remote attackers to obtain sensitive information (CVE 2003-1418)

Mar 28, 2023

Apache HTTP Server allows remote attackers to obtain sensitive information

Summary

This vulnerability applies to functionality when the system uses Apache HTTP Server in certain versions. No Supported TeraStations use these versions. Some scanning tools have reported a false positive.

TeraStation Series	Apache Version
TS7010	Web Access: 2.4.23
TS6000 / TS5020	Web Access: 2.4.23; Trend Micro AV: 1.3.42
TS5010 / TS3010 / TS3020	Web Access: 2.4.23; Trend Micro AV: 1.3.42

Vulnerability ID	Vulnerability Overview
CVE 2003-1418	Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).

Affected Supported TeraStations

None

Back to Security Notices

Date	Description
3/16/2022	Initial release

Network Attached Storage

Portable Solid State Drive (SSD)

External Hard Drives

While Supplies Last

Optical Drives

Multi-Gigabit Switches

Accessories

View All

Latest Article

Buffalo Americas Product Life Cycle Status Change Notice - BS-MP2008 & BS-MP2012 Business Switches

Apache HTTP Server allows remote attackers to obtain sensitive information (CVE 2003-1418)

Apache HTTP Server allows remote attackers to obtain sensitive information